
USN-5479-3: PHP regression

2022-07-08 KENNETH 0

USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-31625)

Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-31626)

Source: USN-5479-3: PHP regression

Automate Security with F5 NGINX App Protect and F5 NGINX Plus to Reduce the Cost of Breaches

2022-07-08 KENNETH 0

It might surprise you to learn that the money you spend on improving your security posture with automation and artificial intelligence (AI) ends up saving you much greater amounts of money. In its Cost of a Data Breach 2021 Report, the IBM Security team reveals that a security breach costs organizations without security automation and AI a whopping 80% more on average than organizations with fully deployed automation and AI – $6.71 million versus $2.90 million, a difference of $3.81 million. By prioritizing security automation and AI, organizations can identify and contain a breach faster, saving both money and time.

Figure: Data breaches cost organizations without security automation and AI millions more (Source: Cost of a Data Breach 2021 Report)

As you integrate security into your CI/CD pipeline, [ more… ]


Keep connected and creative with Dell’s new Windows 11 Inspiron Plus laptops

2022-07-08 KENNETH 0

Dell’s new Windows 11 Inspiron Plus PC laptops are designed for boosting creativity and connection while providing immersive visuals and crisp audio. With Windows 11, they’ll be able to tap into many features that help them connect faster, be creative and/or productive and bring them closer to what (and who) matters most. The Inspiron 16 Plus features the latest 12th Gen Intel Core H-series processors and optional NVIDIA GeForce RTX 3060 graphics for quick photo and video editing. When configured with a GeForce RTX 3060 GPU, it provides access to a powerful suite of NVIDIA Studio tools including Broadcast and Canvas apps. In Windows 11, you can search the Microsoft Store to find favorite apps, movies, shows and streaming services. Load and switch between apps effortlessly with Dell’s [ more… ]


USN-5506-1: NSS vulnerabilities

2022-07-07 KENNETH 0

Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-22747)

Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-34480)

Source: USN-5506-1: NSS vulnerabilities


USN-5505-1: Linux kernel vulnerabilities

2022-07-07 KENNETH 0

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609)

Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752)

It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760)

Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control [ more… ]